COOKIE POLICY

Last Updated: November 30, 2025

Rooted History (rootedhistory.io) is operated by Rooted Security LLC.

We use exactly one cookie and nothing else.

| Cookie Name | Purpose | Type | Duration | Attributes |

|------------------|-----------------------------|-------------------|------------------|-----------------------------|

| `rooted_session` | Keeps you logged in securely | First-party, essential | Session or max 24 h (if "remember me") | HttpOnly, Secure, SameSite=Lax |

What this cookie does

• Remembers that you successfully logged in via FamilySearch OAuth
• Lets you move between pages without re-authenticating
• Expires automatically after 60 minutes of inactivity or 24 hours total

What this cookie never does

• Track your activity
• Contain your name, email, or family tree data
• Survive past you closing the browser (unless you chose "remember me")
• Get shared with any third party
• Enable advertising or analytics

We do NOT use

• Analytics cookies (Google Analytics, PostHog, etc.)
• Advertising or retargeting cookies
• Social-media pixels or trackers
• Any third-party cookies at all

Legal classification

The `rooted_session` cookie is strictly necessary for the Service to function and is therefore exempt from consent requirements under the ePrivacy Directive, GDPR, PECR (UK), and similar laws.

Your choices

• Use the Service → the cookie is required to stay logged in
• Block or delete the cookie → you will be unable to log in (public pages remain accessible)
• Use private/incognito mode → the cookie is deleted when you close the window

How to delete or block it

Use your browser's standard cookie controls. Blocking it simply logs you out.

Changes

If we ever add a non-essential cookie we will update this policy, display a consent banner, and ask for your permission first.

Questions?

Email privacy@rootedsecurity.io

Summary: One essential cookie. Zero tracking. Zero ads. Zero data sale.